Permissions in Linux - Asterisk
-
Linux Gurus:
Upon restarting my PBX (FreePBX) or restarting Asterisk, permissions are reset on any directories/files needed by Asterisk. In FreePBX 13, the “fwconsole chown” command accomplishes the same thing.
I need to have one user “fred” have write permission to the /var/www/html/test directory to occasionally update files within that folder. I can change the folder owner via SSH with a command, but the owner always gets reset when Asterisk restarts, and therefore user “fred” no longer can write to that directory. Fred is a member of the wheel group, who is also allowed to Sudo.
Fred is using WinSCP to try and transfer the files, and does not want to have to SSH into the server to change his permissions before he uploads the file.
What is the best practice for allowing fred permanent write access to that one directory, considering that the permissions are always reset upon restart?
-
Fred needs to be added to the group owner of those files, don't change the actual owner, that will just cause reliability issues.
-
Additionally if the files being uploaded are not supposed to be owned by
fred:fred
but byfred:apache
or some other group, then you can do a setgid on the /var/www/html/test directory withchmod g+s /var/www/html/test
.Fred could also just do a
chown fred:apache
on the files, if they need to be owned by a different group. -
Everytime permissions are reset by asterisk, the permissions are changed to asterisk:asterisk
-
@fuznutz04 said in Permissions in Linux - Asterisk:
Everytime permissions are reset by asterisk, the permissions are changed to asterisk:asterisk
Then you need to write a small script to change the files back to what you need and then cron it to run ever X minutes/hours/whatever.
Then tell the user that if he has a problem wait until the next cycle and it will fix it.
-
Or create a new location for his files and publish that with Apache.
-
Is one method preferred/better than the other? (script to change permissions vs changing file location of file)
-
@fuznutz04 said in Permissions in Linux - Asterisk:
Is one method preferred/better than the other? (script to change permissions vs changing file location of file)
To me, it would come down to WTF you are using these custom things for. Without that detail, I have no idea what would be better.
-
@JaredBusch said in Permissions in Linux - Asterisk:
@fuznutz04 said in Permissions in Linux - Asterisk:
Is one method preferred/better than the other? (script to change permissions vs changing file location of file)
To me, it would come down to WTF you are using these custom things for. Without that detail, I have no idea what would be better.
Pretty much this. Are the specifically for the PBX? Or are they just being put there to be sent over the web?
-
@coliver said in Permissions in Linux - Asterisk:
@JaredBusch said in Permissions in Linux - Asterisk:
@fuznutz04 said in Permissions in Linux - Asterisk:
Is one method preferred/better than the other? (script to change permissions vs changing file location of file)
To me, it would come down to WTF you are using these custom things for. Without that detail, I have no idea what would be better.
Pretty much this. Are the specifically for the PBX? Or are they just being put there to be sent over the web?
If it is the latter case, put it all in a different directory outside of /var/www/html and then add said directory to the apache conf files.
-
@JaredBusch said in Permissions in Linux - Asterisk:
@coliver said in Permissions in Linux - Asterisk:
@JaredBusch said in Permissions in Linux - Asterisk:
@fuznutz04 said in Permissions in Linux - Asterisk:
Is one method preferred/better than the other? (script to change permissions vs changing file location of file)
To me, it would come down to WTF you are using these custom things for. Without that detail, I have no idea what would be better.
Pretty much this. Are the specifically for the PBX? Or are they just being put there to be sent over the web?
If it is the latter case, put it all in a different directory outside of /var/www/html and then add said directory to the apache conf files.
Or better yet get it off your PBX and onto a dedicated webserver.
-
@JaredBusch said in Permissions in Linux - Asterisk:
@fuznutz04 said in Permissions in Linux - Asterisk:
Is one method preferred/better than the other? (script to change permissions vs changing file location of file)
To me, it would come down to WTF you are using these custom things for. Without that detail, I have no idea what would be better.
We're querying a file in this location to get some information from the PBX such as current calls, queue information, etc for an internal piece of software. It doesn't have to be in that directory, so I'll go down t he path of just moving the files and referencing them. Hopefully FreePBX wont overwrite the apache conf file when upgraded/reloaded.
-
@fuznutz04 said in Permissions in Linux - Asterisk:
@JaredBusch said in Permissions in Linux - Asterisk:
@fuznutz04 said in Permissions in Linux - Asterisk:
Is one method preferred/better than the other? (script to change permissions vs changing file location of file)
To me, it would come down to WTF you are using these custom things for. Without that detail, I have no idea what would be better.
We're querying a file in this location to get some information from the PBX such as current calls, queue information, etc for an internal piece of software. It doesn't have to be in that directory, so I'll go down t he path of just moving the files and referencing them. Hopefully FreePBX wont overwrite the apache conf file when upgraded/reloaded.
It probably will. There is an includes directory in the default conf somewhere, I don't know where, that references a directory without configurations in it. That's where you want to setup a new file/configuration.
-
@fuznutz04 said in Permissions in Linux - Asterisk:
@JaredBusch said in Permissions in Linux - Asterisk:
@fuznutz04 said in Permissions in Linux - Asterisk:
Is one method preferred/better than the other? (script to change permissions vs changing file location of file)
To me, it would come down to WTF you are using these custom things for. Without that detail, I have no idea what would be better.
We're querying a file in this location to get some information from the PBX such as current calls, queue information, etc for an internal piece of software. It doesn't have to be in that directory, so I'll go down t he path of just moving the files and referencing them. Hopefully FreePBX wont overwrite the apache conf file when upgraded/reloaded.
Why not push it directly to where you need it?
-
@scottalanmiller said in Permissions in Linux - Asterisk:
@fuznutz04 said in Permissions in Linux - Asterisk:
@JaredBusch said in Permissions in Linux - Asterisk:
@fuznutz04 said in Permissions in Linux - Asterisk:
Is one method preferred/better than the other? (script to change permissions vs changing file location of file)
To me, it would come down to WTF you are using these custom things for. Without that detail, I have no idea what would be better.
We're querying a file in this location to get some information from the PBX such as current calls, queue information, etc for an internal piece of software. It doesn't have to be in that directory, so I'll go down t he path of just moving the files and referencing them. Hopefully FreePBX wont overwrite the apache conf file when upgraded/reloaded.
Why not push it directly to where you need it?
You mean push the original files in question to the PBX via script?
-
@fuznutz04 said in Permissions in Linux - Asterisk:
@scottalanmiller said in Permissions in Linux - Asterisk:
@fuznutz04 said in Permissions in Linux - Asterisk:
@JaredBusch said in Permissions in Linux - Asterisk:
@fuznutz04 said in Permissions in Linux - Asterisk:
Is one method preferred/better than the other? (script to change permissions vs changing file location of file)
To me, it would come down to WTF you are using these custom things for. Without that detail, I have no idea what would be better.
We're querying a file in this location to get some information from the PBX such as current calls, queue information, etc for an internal piece of software. It doesn't have to be in that directory, so I'll go down t he path of just moving the files and referencing them. Hopefully FreePBX wont overwrite the apache conf file when upgraded/reloaded.
Why not push it directly to where you need it?
You mean push the original files in question to the PBX via script?
I thought that they were already on the PBX. Push them to somewhere else via script is what I was thinking.
-
@scottalanmiller said in Permissions in Linux - Asterisk:
@fuznutz04 said in Permissions in Linux - Asterisk:
@scottalanmiller said in Permissions in Linux - Asterisk:
@fuznutz04 said in Permissions in Linux - Asterisk:
@JaredBusch said in Permissions in Linux - Asterisk:
@fuznutz04 said in Permissions in Linux - Asterisk:
Is one method preferred/better than the other? (script to change permissions vs changing file location of file)
To me, it would come down to WTF you are using these custom things for. Without that detail, I have no idea what would be better.
We're querying a file in this location to get some information from the PBX such as current calls, queue information, etc for an internal piece of software. It doesn't have to be in that directory, so I'll go down t he path of just moving the files and referencing them. Hopefully FreePBX wont overwrite the apache conf file when upgraded/reloaded.
Why not push it directly to where you need it?
You mean push the original files in question to the PBX via script?
I thought that they were already on the PBX. Push them to somewhere else via script is what I was thinking.
They (apparently) have custom scripts that pull data from Asterisk for use elsewhere. These scripts would have to reside on the Asterisk box.
Of course they could rewrite things to remotely connect to asterisk and pull the data also, but I personally have no experience in doing that.
-
@JaredBusch said in Permissions in Linux - Asterisk:
@scottalanmiller said in Permissions in Linux - Asterisk:
@fuznutz04 said in Permissions in Linux - Asterisk:
@scottalanmiller said in Permissions in Linux - Asterisk:
@fuznutz04 said in Permissions in Linux - Asterisk:
@JaredBusch said in Permissions in Linux - Asterisk:
@fuznutz04 said in Permissions in Linux - Asterisk:
Is one method preferred/better than the other? (script to change permissions vs changing file location of file)
To me, it would come down to WTF you are using these custom things for. Without that detail, I have no idea what would be better.
We're querying a file in this location to get some information from the PBX such as current calls, queue information, etc for an internal piece of software. It doesn't have to be in that directory, so I'll go down t he path of just moving the files and referencing them. Hopefully FreePBX wont overwrite the apache conf file when upgraded/reloaded.
Why not push it directly to where you need it?
You mean push the original files in question to the PBX via script?
I thought that they were already on the PBX. Push them to somewhere else via script is what I was thinking.
They (apparently) have custom scripts that pull data from Asterisk for use elsewhere. These scripts would have to reside on the Asterisk box.
Of course they could rewrite things to remotely connect to asterisk and pull the data also, but I personally have no experience in doing that.
Correct, or another alternative would be to just write a script that copies the updated files from a source server, to the destination PBX(s). That would eliminate the need for the user fred to have to do anything at all.
-
@JaredBusch said in Permissions in Linux - Asterisk:
@scottalanmiller said in Permissions in Linux - Asterisk:
@fuznutz04 said in Permissions in Linux - Asterisk:
@scottalanmiller said in Permissions in Linux - Asterisk:
@fuznutz04 said in Permissions in Linux - Asterisk:
@JaredBusch said in Permissions in Linux - Asterisk:
@fuznutz04 said in Permissions in Linux - Asterisk:
Is one method preferred/better than the other? (script to change permissions vs changing file location of file)
To me, it would come down to WTF you are using these custom things for. Without that detail, I have no idea what would be better.
We're querying a file in this location to get some information from the PBX such as current calls, queue information, etc for an internal piece of software. It doesn't have to be in that directory, so I'll go down t he path of just moving the files and referencing them. Hopefully FreePBX wont overwrite the apache conf file when upgraded/reloaded.
Why not push it directly to where you need it?
You mean push the original files in question to the PBX via script?
I thought that they were already on the PBX. Push them to somewhere else via script is what I was thinking.
They (apparently) have custom scripts that pull data from Asterisk for use elsewhere. These scripts would have to reside on the Asterisk box.
Understood. Was thinking that instead of saving the data locally, they could immediately push it elsewhere so that the perms wouldn't be an issue.